On Feb 14, 2008, at 3:26 AM, Charles Lindsey wrote:
On Wed, 13 Feb 2008 22:46:10 -0000, Douglas Otis <dotis(_at_)mail-abuse.org> wrote:
Agreed. DKIM can be employed in conjunction with _many_ transport
protocols. While a domain may assert they sign "all" their SMTP
traffic, they may not be signing other types of traffic that could
potentially use DKIM signature headers. How would a domain
indicate what protocol they cover by their assertion? It seems
logical to restrict the _SSP policy to that of SMTP. Other
protocols can define where the relevant policy can be found, or
they could add a protocol policy scope to the record.

If you want to indicate that information, then propose a new tag
within the SSP record for the purpose. But the default should be
that the SSP applies to all modes of transport. Otherwise the Bad
Guys will just send mail like the following:

   Received: by bar.com from foo.com by SMTP ...
   Received: by foo.com from ebay.com by UUCP ...
   From: security(_at_)ebay(_dot_)com
   [NO DKIM signature]

Agreed. This issue does not appear to have been entered into the RT
tracking, but both you and Jim have suggested this alternative
solution. Here is a more formalized suggestion for a tag added to the
policy record.

s= Policy Scope (plain-text; OPTIONAL; default is "SMTP"). A
   colon-separated list of policy scopes specifying the protocols to
   which this record applies. Verifiers for a given service type MUST
   ignore this record if the appropriate type is not listed.
   Currently defined service types are as follows:

      *     matches all service types
      !     disavows protocol use
      SMTP  RFC2821
      NNTP  RFC3977
      MSRP  RFC4975

   This tag is intended to constrain the use of policy for various
   transport protocols that may implement, should DKIM be defined by
   other protocols in the future. This tag can also disavow use
   of specific protocols to repudiate references to this domain.

   ABNF:

   policy-s-tag        = %x73 [FWS] "=" [FWS] [proto-disavow]
                         policy-s-tag-type
                         0*( [FWS] ":" [FWS] policy-s-tag-type )
   proto-disavow       = "!"
   policy-s-tag-type   = "SMTP" / "NNTP" / "MSRP" / "*" /
                         x-policy-s-tag-type
   x-policy-s-tag-type = hyphenated-word   ; for future extension

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
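
An added example, not part of the original message or of any SSP draft: a Python sketch of how a verifier might parse the value of the proposed s= tag and decide whether the record applies to its own service type. The function names, the result labels, and the reading that a leading "!" marks every listed type as disavowed are assumptions drawn from the ABNF above; `hyphenated-word` follows its RFC 4871 definition.

```python
import re

# "*" wildcard from the proposal, or hyphenated-word as defined in RFC 4871.
_TYPE = re.compile(r"\*|[A-Za-z](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
DEFAULT_SCOPE = (False, frozenset({"SMTP"}))  # proposal: default is "SMTP"


def parse_scope(value):
    """Parse the value of the proposed s= tag into (disavow, types).

    Returns None for a value that does not match the ABNF, so the caller
    can treat the record as malformed instead of guessing a scope.
    """
    if value is None:                      # tag absent: default scope
        return DEFAULT_SCOPE
    value = value.strip(" \t\r\n")         # [FWS] after "="
    disavow = value.startswith("!")        # proto-disavow, once, before the list
    if disavow:
        value = value[1:]
    types = set()
    for item in value.split(":"):
        item = item.strip(" \t\r\n")       # [FWS] around ":" (lenient after "!")
        if not _TYPE.fullmatch(item):
            return None                    # empty item or bad token
        types.add(item.upper())            # ABNF string literals are case-insensitive
    return disavow, frozenset(types)


def decide(value, service):
    """Return 'apply', 'ignore', 'disavowed' or 'malformed' for one service type."""
    scope = parse_scope(value)
    if scope is None:
        return "malformed"
    disavow, types = scope
    if "*" not in types and service.upper() not in types:
        return "ignore"                    # MUST ignore when the type is not listed
    # Assumption: "!" applies to the whole list, so a listed type is disavowed.
    return "disavowed" if disavow else "apply"
```

Returning a distinct "malformed" result keeps a record with a trailing colon or an invalid token from silently falling back to the default scope.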